12cR2 (12.2.x) |
Approved w/Constraints [5, 7] |
Approved w/Constraints [5, 7] |
Approved w/Constraints [5, 7] |
Approved w/Constraints [5, 7] |
Approved w/Constraints [5, 7] |
Approved w/Constraints [5, 7] |
Approved w/Constraints [3, 5, 6, 7, 8] |
Approved w/Constraints [3, 5, 6, 7, 8] |
Approved w/Constraints [3, 5, 6, 8, 9] |
Approved w/Constraints [3, 5, 6, 9, 10] |
Approved w/Constraints [3, 5, 6, 9, 10] |
Approved w/Constraints [3, 5, 6, 9, 10] |
14c (14.1.x) |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Unapproved |
Approved w/Constraints [3, 5, 6, 7, 8] |
Approved w/Constraints [3, 5, 6, 7, 8] |
Approved w/Constraints [3, 5, 6, 8, 9] |
Approved w/Constraints [3, 5, 6, 9, 10] |
Approved w/Constraints [3, 5, 6, 9, 10] |
Approved w/Constraints [3, 5, 6, 9, 10] |
| | [3] | Technology must remain patched and operated in accordance with Federal and Department security policies and guidelines in order to mitigate known and future security vulnerabilities. | | [5] | Due to National Institute of Standards and Technology (NIST) identified security vulnerabilities, extra vigilance should be applied to ensure the versions remain properly patched to mitigate known and future vulnerabilities. The local ISO can provide assistance in reviewing the NIST vulnerabilities. | | [6] | Users should check with their supervisor, Information Security Office (ISO) or local OIT representative for permission to download and use this software. Downloaded software must always be scanned for viruses prior to installation to prevent adware or malware. Freeware may only be downloaded directly from the primary site that the creator of the software has advertised for public download and user or development community engagement. Users should note, any attempt by the installation process to install any additional, unrelated software is not authorized and the user should take the proper steps to decline those installations. | | [7] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500. | | [8] | Users must ensure that Microsoft Structured Query Language (SQL) Server, Microsoft Internet Information Services (IIS), and Oracle Database are implemented with VA-authorized baselines. (refer to the ‘Category’ tab under ‘Runtime Dependencies’)
This technology must use the latest TRM-authorized version of Java Runtime Environment (JRE) - Oracle.
This technology must use the latest TRM-authorized version of Java Development Kit (JDK) - Oracle.
This product can be configured with a MySQL Database which currently has TRM constraints for intranet use only due to its many known security issues. If MySQL is selected for use with this product, these factors should be considered especially when an instance of this product will be considered a Moderate or High Risk system. See the MySQL Database TRM entry for more details. | | [9] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500. | | [10] | Users must ensure that Microsoft Structured Query Language (SQL) Server, Microsoft Internet Information Services (IIS), and Oracle Database are implemented with VA-authorized baselines. (refer to the ‘Category’ tab under ‘Runtime Dependencies’)
This technology must use the latest TRM-authorized version of Java Runtime Environment (JRE) - Oracle.
This technology must use the latest TRM-authorized version of Java Development Kit (JDK) - Oracle.
This product can be configured with a MySQL Database which currently has TRM constraints for intranet use only due to its many known security issues. If MySQL is selected for use with this product, these factors should be considered especially when an instance of this product will be considered a Moderate or High Risk system. See the MySQL Database TRM entry for more details.
Users must not use My Structured Query Language (MySQL) Database - Community Editions due to it being unapproved (refer to the ‘Category’ tab under ‘Runtime Dependencies`). |
|